| Message ID | 20191010004211.31017-1-sstabellini@kernel.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [v4] xen/arm: domain_build: harden make_cpus_node() | expand |
On 10.10.19 02:42, Stefano Stabellini wrote: > make_cpus_node() is using a static buffer to generate the FDT node name. > While mpdir_aff is a 64-bit integer, we only ever use the bits [23:0] as > only AFF{0, 1, 2} are supported for now. > > To avoid any potential issues in the future, check that mpdir_aff has > only bits [23:0] set. > > Take the opportunity to reduce the size of the buffer. Indeed, only 8 > characters are needed to print a 32-bit hexadecimal number. So > sizeof("cpu@") + 8 + 1 (for '\0') = 13 characters is sufficient. > > Fixes: c81a791d34 (xen/arm: Set 'reg' of cpu node for dom0 to match MPIDR's affinity) > Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com> Release-acked-by: Juergen Gross <jgross@suse.com> Juergen
Hi Stefano, On 10/10/19 1:42 AM, Stefano Stabellini wrote: > make_cpus_node() is using a static buffer to generate the FDT node name. > While mpdir_aff is a 64-bit integer, we only ever use the bits [23:0] as > only AFF{0, 1, 2} are supported for now. > > To avoid any potential issues in the future, check that mpdir_aff has > only bits [23:0] set. > > Take the opportunity to reduce the size of the buffer. Indeed, only 8 > characters are needed to print a 32-bit hexadecimal number. So > sizeof("cpu@") + 8 + 1 (for '\0') = 13 characters is sufficient. > > Fixes: c81a791d34 (xen/arm: Set 'reg' of cpu node for dom0 to match MPIDR's affinity) > Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com> Reviewed-by: Julien Grall <julien.grall@arm.com> Cheers,
diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c index 921b054520..38adb6e954 100644 --- a/xen/arch/arm/domain_build.c +++ b/xen/arch/arm/domain_build.c @@ -788,8 +788,8 @@ static int __init make_cpus_node(const struct domain *d, void *fdt) unsigned int cpu; const void *compatible = NULL; u32 len; - /* Placeholder for cpu@ + a 32-bit number + \0 */ - char buf[15]; + /* Placeholder for cpu@ + a 32-bit hexadecimal number + \0 */ + char buf[13]; u32 clock_frequency; bool clock_valid; uint64_t mpidr_aff; @@ -847,11 +847,26 @@ static int __init make_cpus_node(const struct domain *d, void *fdt) * the MPIDR's affinity bits. We will use AFF0 and AFF1 when * constructing the reg value of the guest at the moment, for it * is enough for the current max vcpu number. + * + * We only deal with AFF{0, 1, 2} stored in bits [23:0] at the + * moment. */ mpidr_aff = vcpuid_to_vaffinity(cpu); + if ( (mpidr_aff & ~GENMASK_ULL(23, 0)) != 0 ) + { + printk(XENLOG_ERR "Unable to handle MPIDR AFFINITY 0x%"PRIx64"\n", + mpidr_aff); + return -EINVAL; + } + dt_dprintk("Create cpu@%"PRIx64" (logical CPUID: %d) node\n", mpidr_aff, cpu); + /* + * We use PRIx64 because mpidr_aff is a 64bit integer. However, + * only bits [23:0] are used, thus, we are sure it will fit in + * buf. + */ snprintf(buf, sizeof(buf), "cpu@%"PRIx64, mpidr_aff); res = fdt_begin_node(fdt, buf); if ( res )
make_cpus_node() is using a static buffer to generate the FDT node name. While mpdir_aff is a 64-bit integer, we only ever use the bits [23:0] as only AFF{0, 1, 2} are supported for now. To avoid any potential issues in the future, check that mpdir_aff has only bits [23:0] set. Take the opportunity to reduce the size of the buffer. Indeed, only 8 characters are needed to print a 32-bit hexadecimal number. So sizeof("cpu@") + 8 + 1 (for '\0') = 13 characters is sufficient. Fixes: c81a791d34 (xen/arm: Set 'reg' of cpu node for dom0 to match MPIDR's affinity) Signed-off-by: Stefano Stabellini <stefano.stabellini@xilinx.com> --- Changes in v4: - commit message - in-code comments Changes in v3: - make sure only [23:0] bits are used in mpidr_aff - clarify that we only need 32bit for buf writes Changes in v2: - patch added --- xen/arch/arm/domain_build.c | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-)